sHype Hypervisor Security Architecture - A Layered Approach for the Xen Open-Source Hypervisor

Reiner Sailer
IBM T. J. Watson

Monday, 23 January, 3:00PM
Lieb 3rd floor conference room
Computer Science Department
Stevens Institute of Technology
 

Abstract


sHype is a hypervisor security architecture developed by IBM Research for different virtual machine monitors. It is available as an integral part of the Xen open-source hypervisor. sHype originally builds on the advantages of the emerging and broadly available hardware support for virtualization by providing simple, system-independent, and robust security policies. It controls virtual resources across multiple platforms. Our main objective is to provide a secure foundation for server platforms, providing functions such as strong isolation, mediated sharing between virtual machines, attestation and integrity guarantees for the hypervisor and its virtual machines, resource control, and secure services. In this talk, I will focus on the sHype access control framework and its implementation in the Xen hypervisor: first on the Xen access control policies and second on the layering of operating system security policies on top of sHype. This talk will conclude with a comparison of sHype to other currently available virtual machine monitor security solutions and potential research issues.